I’ve Just Been Phished – Now What?

You were innocently cruising around Facebook, and noticed one of your trusted friends had an interesting post – “Watch this girl – she forgot she left her cam on!” Seems like an interesting link, and it comes from someone you know and trust. After all, they’re in your tight group of Facebook friends, right?

You click on the link, it looks a little funny because it says that you have to agree that you are over 16. That’s odd, none of your other Facebook links do that, but – well, the video does look kinda funny. Maybe she even does something risqué. Who wouldn’t click “Play Video” – it can’t be that bad, it’s on Facebook. Right?

A new screen pops up, and you can see the familiar box in the bottom corner. There’s a pic of the cute girl, and some weird language – but it’s probably fine. Right?

And then – a security test? The only clickable links are asking “how to win an iPad, how to win an iPhone4” – how odd. This is the part you want to be careful about. These links will take you to sites that will try to get as much info as they can from you – so they can use it in malicious ways. Most people know not to complete these forms, but if they catch you on a bad day, or you really, really want a free iPhone4/iPad – you might be one of the folks who fill out the form. The point of this particular scam is to get you to complete the surveys, because the scam creator gets paid for each survey completed.

It doesn’t really matter, because you already gave them access to your Facebook account the moment you clicked “Jaa” – which is Finnish for “Share”. Fortunately, this particular app only posts the video to your wall in hopes of luring your friends into doing the same thing, so they too can have the chance to “win an iPad”, but other apps can be more malicious, including:

You’ve been tagged in a photo from someone outside of your friends list – a variation on the survey scam

A few things to watch for:

Links that say they are to a video but have apps.facebook.com as the description.

Language. If you’re on Facebook, but the page is displayed in something other than the language you normally see (English, for most of us), your spidey-sense should be tingling.

If it’s too good to be true – it is. Not “it probably is.” It is. Nothing for free.
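Those warning signs can be turned into a simple triage routine. The Python below is an added example, not code from the original post or from Facebook; the sample links are constructed for the demo, the bait-word list and `usual_language` default are assumptions, and the host name `apps.facebook.com` is the only identifier taken from the post itself.

```python
from urllib.parse import urlparse

# Constructed sample links in the shape the post describes; none are real URLs.
SAMPLE_LINKS = [
    {"text": "Watch this girl - she forgot she left her cam on!",
     "href": "https://apps.facebook.com/hypothetical-video-app/?ref=wall",
     "ui_language": "fi"},
    {"text": "Holiday photos from the lake",
     "href": "https://www.facebook.com/photo.php?fbid=12345",
     "ui_language": "en"},
    {"text": "Security test: learn how to win an iPad!",
     "href": "https://survey.example/win",
     "ui_language": "en"},
]

# Words that suggest the link is advertised as a video (assumed list).
VIDEO_WORDS = ("video", "watch", "cam")
# Phrases that signal "too good to be true" bait (assumed list, from the post's examples).
BAIT_WORDS = ("win a", "win an", "free ipad", "free iphone")
# The post's own warning sign: a "video" that really points at a Facebook app.
APP_HOSTS = ("apps.facebook.com",)


def link_warnings(text, href, ui_language, usual_language="en"):
    """Return the warning signs from the post that apply to one link."""
    warnings = []
    lowered = text.lower()
    host = (urlparse(href).hostname or "").lower()

    # Sign 1: the link text promises a video, but the target is a Facebook app.
    claims_video = any(word in lowered for word in VIDEO_WORDS)
    if claims_video and host in APP_HOSTS:
        warnings.append("says video, points at a Facebook app")

    # Sign 2: the interface language is not the one you normally see.
    if ui_language != usual_language:
        warnings.append("interface language %s is not the usual %s"
                        % (ui_language, usual_language))

    # Sign 3: too good to be true. Not "probably". It is.
    if any(phrase in lowered for phrase in BAIT_WORDS):
        warnings.append("too good to be true")

    return warnings


def triage(links, usual_language="en"):
    """Run every sample link through the checks and pair it with its warnings."""
    return [(link["href"],
             link_warnings(link["text"], link["href"],
                           link["ui_language"], usual_language))
            for link in links]


if __name__ == "__main__":
    for href, warnings in triage(SAMPLE_LINKS):
        print(href, "->", warnings or ["no warning signs"])
```

Only the first and third sample links trip a check; the plain photo link comes back clean. The checks are deliberately crude keyword matches, which is the point: the post's advice is about noticing simple mismatches, not about deep analysis.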

If you have been hacked or phished – 4 steps to take to get back to normal:

Reclaim your Facebook Account – get the Facebook team involved in the process so they can prevent it from happening to others.

Change Your Passwords – ‘nuff said

Scan your computer – if you don’t have a good antivirus running already – well, get one. If you have Windows, and you aren’t running an up to date antivirus program, you WILL be infected (but – you probably already are.)

Notify your friends and family – You don’t need to tell them why you were checking out the link, just that maybe they should be careful. You’ve “heard” that there are some strange activities out there, and you want to protect them. You could even write a blog post about it…

The folks at FacebookCrooks.com have created a great list to follow to help you get unhacked. You can also click on your account, then “Apps and Websites – edit settings” in the bottom left to see a list of the apps that you’ve approved to share your info. You might be surprised at how many you’ve already enabled.

And the worst part of this whole scam – you didn’t even get to see the video.

Tomorrow – we’ll have a look at some Twitter phishing techniques/prevention/recovery.